1

次のコマンドを使用してデプロイしようapp.yamlとしています。queue.yaml

gcloud --verbosity=debug --project PROJECT_ID app deploy app.yaml queue.yaml

役割を持つ新しいサービス アカウントを作成しました

  • App Engine デプロイ担当者
  • App Engine サービス管理者
  • Cloud Build サービス アカウント

を展開するためのapp.yamlもので、単独で動作します。をデプロイしようとするとqueue.yaml、次のエラーが表示されます。

DEBUG: Running [gcloud.app.deploy] with arguments: [--project: "PROJECT_ID", --verbosity: "debug", DEPLOYABLES:1: "[u'queue.yaml']"]
DEBUG: Loading runtimes experiment config from [gs://runtime-builders/experiments.yaml]
INFO: Reading [<googlecloudsdk.api_lib.storage.storage_util.ObjectReference object at 0x7fcc7dba0dd0>]
DEBUG: API endpoint: [https://appengine.googleapis.com/], API version: [v1]
Configurations to update:

descriptor:      [/home/dominic/workspace/PROJECT/api/queue.yaml]
type:            [task queues]
target project:  [PROJECT_ID]


DEBUG: (gcloud.app.deploy) PERMISSION_DENIED: The caller does not have permission
Traceback (most recent call last):
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 983, in Execute
    resources = calliope_command.Run(cli=self, args=args)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 807, in Run
    resources = command_instance.Run(args)
  File "/usr/lib/google-cloud-sdk/lib/surface/app/deploy.py", line 117, in Run
    default_strategy=flex_image_build_option_default))
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/deploy_util.py", line 606, in RunDeploy
    app, project, services, configs, version_id, deploy_options.promote)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/output_helpers.py", line 111, in DisplayProposedDeployment
    DisplayProposedConfigDeployments(project, configs)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/command_lib/app/output_helpers.py", line 134, in DisplayProposedConfigDeployments
    project, 'cloudtasks.googleapis.com')
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/api_lib/services/enable_api.py", line 43, in IsServiceEnabled
    service = serviceusage.GetService(project_id, service_name)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/api_lib/services/serviceusage.py", line 168, in GetService
    exceptions.ReraiseError(e, exceptions.GetServicePermissionDeniedException)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/api_lib/services/exceptions.py", line 96, in ReraiseError
    core_exceptions.reraise(klass(api_lib_exceptions.HttpException(err)))
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/core/exceptions.py", line 146, in reraise
    six.reraise(type(exc_value), exc_value, tb)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/api_lib/services/serviceusage.py", line 165, in GetService
    return client.services.Get(request)
  File "/usr/lib/google-cloud-sdk/lib/googlecloudsdk/third_party/apis/serviceusage/v1/serviceusage_v1_client.py", line 297, in Get
    config, request, global_params=global_params)
  File "/usr/bin/../lib/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 731, in _RunMethod
    return self.ProcessHttpResponse(method_config, http_response, request)
  File "/usr/bin/../lib/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 737, in ProcessHttpResponse
    self.__ProcessHttpResponse(method_config, http_response, request))
  File "/usr/bin/../lib/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 604, in __ProcessHttpResponse
    http_response, method_config=method_config, request=request)
GetServicePermissionDeniedException: PERMISSION_DENIED: The caller does not have permission
ERROR: (gcloud.app.deploy) PERMISSION_DENIED: The caller does not have permission

次の役割も試しました。

  • クラウド タスク管理者
  • Cloud Tasks キュー管理者
  • Cloud Tasks サービス エージェント

今のところプロジェクト編集者の役割を使用していますが、これは機能しますが、実際に必要な役割のみを許可したいと考えています。

4

2 に答える 2